-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support PKCS11 3.0 #183
base: master
Are you sure you want to change the base?
Support PKCS11 3.0 #183
Conversation
d1227c1
to
432dddc
Compare
b749973
to
78b71b8
Compare
11c58d9
to
913b3d9
Compare
Adresses #270 |
6f7b239
to
2b25889
Compare
switch (m) { | ||
case CKM_EDDSA: | ||
return true; | ||
|
||
default: | ||
break; | ||
} |
Check notice
Code scanning / CodeQL
No trivial switch statements Note
@@ -4946,6 +5159,214 @@ | |||
return CKR_OK; | |||
} | |||
|
|||
CK_RV parse_ed_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate, |
Check warning
Code scanning / CodeQL
Poorly documented large function Warning
@@ -1698,7 +1786,7 @@ | |||
return CKR_OK; | |||
} | |||
|
|||
static CK_RV load_public_key(yh_session *session, uint16_t id, EVP_PKEY *key) { | |||
static CK_RV load_public_key(yh_session *session, uint16_t id, EVP_PKEY **key) { |
Check warning
Code scanning / CodeQL
Poorly documented large function Warning
} | ||
char config[256]; | ||
assert(strlen(connector_url) + strlen("connector=") < 256); | ||
sprintf(config, "connector=%s", connector_url); |
Check failure
Code scanning / CodeQL
Unbounded write Critical
an environment variable
Having problems signing with EdDSA on YubiHSM2 via PKCS11. Getting an pkcs11:p11prov_Sign:The size of plaintext input data to a cryptographic operation is invalid (Out of range):interface.gen.c:679:Error returned by C_Sign error As I understand the PKCS11 v3.0 spec, the 1024 bit limit (note by "adma" in line 2228) applies only to "ECDSA without hashing" (CKM_ECDSA) as it only processes a hash value. see: https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html#_Toc30061189 EdDSA does not have this limit, so the size of "op_info->buffer" should be the limiting factor see: https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/os/pkcs11-curr-v3.0-os.html#_Toc30061191
…ation on MacOS runners
…ild: Fix Redhat and MacOS builds
PKCS11 3.0 support, and also added ed25519 support, mechanisms for which were added in pkcs11 3.0